Candidate: CVE-2020-6582
PublicDate: 2020-03-16 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6582
 https://herolab.usd.de/security-advisories/
 https://herolab.usd.de/security-advisories/usd-2020-0001/
Description:
 Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by
 interpretation of a small negative number as a large positive number during
 a bzero call.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_nagios-nrpe:
 upstream: https://github.com/NagiosEnterprises/nrpe/commit/b84f9b8c9d290dd02e139df8dad1c3eb690c1213
 upstream: https://github.com/NagiosEnterprises/nrpe/commit/8e3bea4e1b1937e395a182729762aa8894e8649e
 upstream: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part validating incoming buffer size)
upstream_nagios-nrpe: released (4.0.0-1)
precise/esm_nagios-nrpe: DNE
trusty_nagios-nrpe: ignored (out of standard support)
trusty/esm_nagios-nrpe: DNE
xenial_nagios-nrpe: ignored (end of standard support, was needs-triage)
esm-infra/xenial_nagios-nrpe: needs-triage
bionic_nagios-nrpe: needed
eoan_nagios-nrpe: ignored (reached end-of-life)
focal_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
groovy_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
hirsute_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
impish_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
jammy_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
devel_nagios-nrpe: not-affected (4.0.0-2ubuntu1)